Globalization of the technology supply chain has changed the way the Department of Defense (DoD) approaches the trustworthiness of complex critical systems. In the past, much of this trust was based on the fact that critical systems and their components were designed and manufactured within the U.S. by cleared personnel. Systems were also simpler with less reliance on multi–function integrated circuits. But times have changed. The use of integrated circuit technology across the world has increased dramatically, and the market for critical integrated circuit technologies such as Application Specific Integrated Circuits (ASICs) and field-programmable gate arrays (FPGAs) is no longer dominated by DoD.
Due to this market evolution, DoD neither controls production nor drives the requirements of leading-edge devices. Even in situations wherein production can be controlled, such as through the use of the DoD Trusted Foundry, modern integrated circuit designs are so complex that they are typically composed of third–party intellectual property (3PIP) circuit cores of unknown provenance. They are often designed, synthesized, and validated by electronic design automation (EDA) software developed overseas. In addition, the components are often integrated onto printed circuit boards (PCBs) for commercial-off-the-shelf (COTS) electronics at overseas manufacturing facilities, prior to entering the U.S. market. Thus, even with ostensibly trusted processes of production, DoD systems and their software, firmware and hardware components are susceptible to counterfeiting and malicious tampering.
The MacB approach to supply chain security includes a comprehensive assessment of the system and its subcomponents throughout their lifecycle. We have a well-established history of providing support for security, cyber threat, integrity, and vulnerability analysis, as engineering services to our government customers. MacB is accredited by Defense Microelectronics Activity (DMEA) for Category 1A Design Services in the Trusted Integrated Circuit (IC) Supplier Program. Our subject matter experts help deter, detect, delay or react to the compromise of these systems. As an independent evaluator, we can work with the developers, system integrators, and operators to verify that the development, manufacture, and deployment of the system has properly identified and protected the mission-critical functions and critical components.